Spear Phishing
Spear Phishing
A scam technique that targets specific individuals or organizations with convincing, fake emails that look authentic.
In Simple Terms
Spear phishing is a scam where attackers target a specific person or organization with fake emails that look completely genuine. For example, they might disguise themselves as work-related messages tied directly to your job, or routine notifications from a service you regularly use. Unlike ordinary junk mail, these emails naturally weave in details like your name or the projects you're working on, which makes them hard to spot — and the damage keeps piling up as people keep falling for it.
Behind the Name
The name plays on the fishing metaphor already built into "phishing": while ordinary phishing casts a wide net hoping to catch anyone who bites, spear phishing takes precise aim at one specific target — like spearfishing for a single fish instead of trawling with a net.
Take a Closer Look!
Spear phishing is a scam that takes deliberate aim at a specific person, organization, or company.
Unlike ordinary phishing, which blasts the same fake email out to as many people as possible, spear phishing's defining trait is that attackers dig deep into the target's personal details and work life before ever sending a message.
Attackers gather the target's name, job title, the names of business partners, and details about ongoing projects from social media and company websites.
They then send emails posing as a business partner or boss, tricking the target into opening a virus-laden attachment or visiting a fake login page.
In short, it's a trap custom-built just for you, which is exactly what makes it so hard to recognize as a scam at a glance.
That's why you need to stay alert even to emails from people you regularly correspond with — especially if the message is pushing you to change a bank transfer destination or rushing you to enter a password.